Security is one of the key areas of concern in today's time both at national and local levels. While breach of security systems at various ports of entry can lead to illegitimate people entering a country causing national threat. At a local level, a compromise on the Internet security can lead to huge financial losses for individuals or to their corporate.
Biometric authentication systems have been around for a while now and slowly these systems are being implemented for gearing up security both at the national and local levels.
At the local level, biometric based authentication devices have been in use. However, the scope of these devices is restricted to access control applications. In access control applications, biometric prints have been used to give users access to their homes, offices or personal property like electronic devices, cars, electronic safes and the like. However, these systems do not harness the true capability of biometric systems.
Lately cyber-crimes are increasing by the hour with fraudulent individuals hacking into financial accounts, e-commerce sites and databases holding sensitive information. Hence, there is felt a need for not only a security mechanism which can safeguard the sensitive information and provide access to only genuine users, but also non-repudiate in terms law of a land's forensic requirements. Biometric based authentication for conducting e-commerce/e-banking transactions is one such mechanism. However, this form of authentication has not been widely accepted due to implementation challenges faced by retail markets for capturing and storing bio prints of users in advance and the need for specialized hardware in the form of biometric scanners to scan and transmit the bio prints to authenticate users.
Many governmental agencies across the globe have now installed biometric reading gadgets at various ports of entry to obtain biometric prints of incumbent travelers, which offer ‘Go’ or ‘No Go’ to gate the entry. In addition to obtaining biometric prints, the government agencies are also issuing biometric visas which include a copy of the travelers' digital photo and selected biometric print. The biometric print in the visa is compared with the real-time scan of the individual's biometric prints, at the port of entry, to confirm the identity of the traveler.
In one of such endeavors, Government of India is working under Unique Identification (UID) program to develop country vide bio print repository as a tool to identify the citizens of India and use the identification information for possible use in e-Commerce.
To combat both the national and local level security issues biometric presents a strong authentication solution. Biometric mechanisms enable agencies at the national and local level to capture a combination of biometric prints of users including fingerprints, iris scan, voice scan and the like which can be stored at a central location. The users can be authenticated using the biometric scan stored at the central repository for granting access.
However, users all over the world are skeptical about passing their biometric prints on any communication media during or even after the authentication process. As in the event that the biometric prints are compromised a user will completely loose his/her bio identity and future access to any of the biometric based systems because biometric based systems have no password reset mechanism unlike in number or picture based challenge response process.
At the same length, the BFI's (Banking, Finance and Insurance) are the most affected parties in business due to cash loss as a result of false or imposter authentication. Hence, the BFI's demand a more clear and unambiguous non-repudiation process in place while offering ease of operation to their clients by bringing in the much required confidence to use the net based transaction.
Further, currently at the national level in India, the UID or any equivalent agency doesn't undertake the task of capturing the biometric prints of travelling or visiting foreigners to determine their authenticity during their temporary relocation. Therefore, there is felt a need for a system which:                harnesses the true capability of embedding the unambiguous non-repudiation process which remains agnostic to multiple OEM (Original Equipment Manufacturer) bio reading gadgets;        overcomes the challenges faced in providing biometric based authentication and authorization mechanisms for critical transactions;        prevents undue tampering of biometric prints of users; and        ensures that a user's biometric prints are not transmitted over the Internet.        